Protected Health Information (PHI) is defined by the US Health Insurance Portability and Accountability Act (HIPAA). The US government generally requires that systems accessing electronic health records need to be configured to grant access to PHI only to people who need to know it. If PHI is accessed by a person not authorized to access it, then this could indicate a violation of both the HIPAA Privacy and Security Rules. Under certain circumstances, such an incident may have to be reported to the US Department of Health and Human Services (HHS) and/or a state agency as a breach of unsecured protected health information. Having good access controls and knowledge of who has viewed or used information (i.e., access logs) can help to prevent or detect these data breaches.
Traditional means of data exchange or interfaces between organizations consist of in person verbal communication, wired telephone and facsimile communication, paper based communication (i.e., mail or courier service), or email communication, text messaging, an application programming interface, among others.